[PATCHv2 2/3] Add ability to authorize viewing a repository
Jason A. Donenfeld
Jason at zx2c4.com
Sun Oct 28 02:16:36 CET 2012
On Sat, Oct 27, 2012 at 7:00 PM, Ben Boeckel <mathstuf at gmail.com> wrote:
> Single quote the arguments to the executable. This is ripe for code
> execution (remote_user is under attacker's control).
Was going to mention this myself, but you beat me too it. Dead on.
Please double double tripe triple check your code before submitting things.
While we're on the topic, is "system" the best way to be calling this?
Since an auth helper gets called for each and every request, it seems
like it'd be cleanest if we could just fork/exec/wait ourselves,
passing the options in to execv. This way we don't have to fire up a
shell interpreter each time.
More information about the CGit